VPN Devices Need Patching: New Vulnerabilities Have Been Discovered
The Canadian Centre for Cyber Security recently stressed the importance of keeping VPN devices up to date. Because VPN devices act as points of contact between a network and the internet, they are particularly vulnerable to cyberattack.
The Centre for Cyber Security identified four VPN products that are particularly vulnerable: Fortinet FortiGate, Palo Alto GlobalProtect, Pulse Connect Secure, and Pulse Policy Secure. Vulnerabilities in these VPN services can allow attackers to do anything from changing passwords of user portals to downloading malicious files onto the victims’ computers. For example, Palo Alto GlobalProtect VPN is susceptible to a vulnerability tracked as CVE-2019-1579 which, when exploited, allows attackers to execute unauthorized code on a computer without the permission of the user.
Troy Mursch, an independent researcher, stated that over 14 000 Pulse Secure VPN endpoints were still susceptible to the CVE-2019-11510 vulnerability. It was found that industries including military, government, universities, and hospitals are still affected.
These vulnerabilities were discovered by DEVCORE researchers during the recent Black Hat USA 2019 Conference, a computer security event focused on training and briefings. Prior to announcing the vulnerabilities to the public, the researchers disclosed their findings to the affected developers so official fixes would be released simultaneously.
Between April and July this year, several patches fixing the vulnerabilities were released by Fortinet, Palo Alto Networks, and Pulse Secure.
Protecting Yourself from VPN Vulnerabilities
When known vulnerabilities are announced to the public, it is essential that you update your affected systems to the latest patches. Cyberattackers are constantly scanning the internet for endpoint devices that are unprotected. Many are now automating this process, making the threat more immediate than ever.
GIGE IT Corporation’s network security technicians have years of experience designing and deploying security solutions for businesses. Don’t leave yourself vulnerable to cyberattack – contact us at email@example.com or 888 366 4443 to get started with us immediately.